Project

General

Profile

Actions

Bug #15026

closed

libsec mistakenly assumes a SID is a group SID

Added by Toomas Soome 2 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
lib - userland libraries
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:
racktop:BSR-11372

Description

Need to distinguish user versus group.


Files

testacl.c (1.57 KB) testacl.c Gordon Ross, 2022-10-03 12:44 AM

Related issues

Related to illumos gate - Bug #15072: libsec: sid_to_id() and sid_to_xid() could be improvedClosedToomas Soome

Actions
Actions #1

Updated by Electric Monk 2 months ago

  • Gerrit CR set to 2405
Actions #2

Updated by Gordon Ross 2 months ago

One can use the attached test program (testacl.c) to demonstrate this problem, eg.

$ testacl "sid:S-1-5-21-1813420391-1960978090-3893453006-1000:rwxpd-aARWc--s:fd-----:allow" 

The domain part of that sid is the "local" SID, which can be seen with "smblist".
The relative ID (1000) is a user (UID+1000) and one that idmap has not yet mapped to an ephemeral ID.
Before the fix, this program returns an error for that SID. After, it works.

Actions #3

Updated by Toomas Soome about 2 months ago

  • Related to Bug #15072: libsec: sid_to_id() and sid_to_xid() could be improved added
Actions #4

Updated by Toomas Soome about 2 months ago

  • Status changed from In Progress to Pending RTI
Actions #5

Updated by Electric Monk about 2 months ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 90 to 100

git commit 53312454eef37dec3667cb0a7ab5b73cdda84862

commit  53312454eef37dec3667cb0a7ab5b73cdda84862
Author: Gordon Ross <gwr@racktopsystems.com>
Date:   2022-10-12T19:41:25.000Z

    15026 libsec mistakenly assumes a SID is a group SID
    Reviewed by: Garrett D'Amore <garrett@damore.org>
    Reviewed-by: Jerry Jelinek <gjelinek@racktopsystems.com>
    Reviewed by: Matt Barden <mbarden@tintri.com>
    Approved by: Dan McDonald <danmcd@mnx.io>

Actions

Also available in: Atom PDF